Second, test redundant systems through to resumption of normal operations. In this case, the operators had tested to ensure that the redundant systems would come online in the event of a failure of the primary system. They had not tested to see what would happen when the primary system was restored to normal operation.
Who would have even thought about it? I confess that I would not have.
Anyone who has their rear end on the line would. I spent quite a few years doing engineering at a Nuclear Power Plant. We engineered and tested everything, to the point of having drills including *ALL* of the highly possible events, a high majority of the low possibility events, and even some of the catastrophic events that aren't supposed to be able to even occur. The difference is two-fold. One, if it breaks, does it end up killing your (or make you glow in the dark)? and two, do you take the attitude that it will break, no matter what you do? Number One, could always be rephrased into a question more like, does this affect my financial well being, if the answer is no, then your off the hook, and your management is on the hook. Number two is number two, and IMHO, anyone who thinks they are not susceptible to failures is deserving of what they receive... Chris